Weekly GitHub Report for Node: July 28, 2025 - August 04, 2025 (12:05:32)
Weekly GitHub Report for Node
Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.
Table of Contents
I. News
1.1 Recent Version Releases:
The current version of this repository is v23.10.0
1.2 Version Information:
Released on March 13, 2025, this version introduces the --experimental-config-file feature, allowing developers to use JSON configuration files to simplify flag management for the test runner and other experimental features, enhancing developer experience. Additionally, it includes updates to root certificates, new TLS and V8 methods, improved error handling, and various documentation and tooling enhancements.
II. Issues
2.1 Top 5 Active Issues:
We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.
-
Node does not throw on non standard method: This issue reports that Node.js does not throw an error or emit an error event when an HTTP request uses a non-standard method such as "LIST," even though the internal HTTP parser detects it as invalid. The user expects Node.js to handle such invalid methods by throwing or emitting an error, but instead, the request ends without reaching the server handler, causing confusion about how to properly manage non-standard HTTP methods.
- The comments clarify that Node.js currently detects invalid HTTP methods and users can handle these errors by listening to the 'clientError' event on the server, with an example provided for handling such cases. It is also discussed that non-standard HTTP methods are not considered runtime errors by design, as the HTTP specification allows arbitrary methods for extensibility, and the runtime intentionally passes them through unless explicitly handled by the application.
- Number of comments this week: 5
-
add Uint8Array to/from base64 and hex: This issue requests the addition of methods to convert
Uint8Arrayinstances to and from base64 and hexadecimal string representations, following the TC39 stage 3 proposal. Implementing this feature would reduce boilerplate code by providing native support for these conversions directly onUint8Array.- The comments clarify that such functionality must be implemented within the V8 JavaScript engine itself, referencing ongoing progress tracked in a Chromium issue and noting a similar request already made for the Deno runtime.
- Number of comments this week: 2
-
Use simdjson in JSONParser: This issue proposes replacing the existing JSONParser, which relies on the V8 JSON parser, with simdjson to simplify JSON parsing and avoid initialization dependencies. The current parser's design causes a chicken-and-egg problem when parsing configurations before V8 is initialized, and using simdjson directly would streamline this process.
- The comment suggests that the best migration approach is to eliminate the current JSONParser interface entirely, as it depends on random access, and instead use simdjson directly in all places where JSONParser is currently used, following simdjson's recommended method of iterating over fields in a loop.
- Number of comments this week: 1
-
Expand documentation for Zstd strategy parameter (ZSTD_c_strategy) and constants in node:zlib: This issue requests the expansion of the Node.js zlib module documentation to include the Zstandard compression parameter
ZSTD_c_strategyand its related constants, which are currently supported internally but not documented. It also suggests adding usage examples to improve developer understanding and align with existing documented Zstd options.- A contributor expressed interest in addressing the issue by opening a pull request to document the missing constants.
- Number of comments this week: 1
Since there were fewer than 5 open issues, all of the open issues have been listed above.
2.2 Top 5 Stale Issues:
We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.
- Flaky GC-related tests with V8 12.2: This issue addresses flaky garbage collection (GC)-related tests that have become unreliable with the update to V8 version 12.2, specifically mentioning tests like
test-shadow-realm-gc-module,test-shadow-realm-gc, andtest-net-write-fully-async-hex-string. The discussion suggests skipping these tests temporarily due to their instability caused by changes in V8's GC strategy, with plans to find a more reliable testing approach in the future. - Flaky
test-worker-arraybuffer-zerofillwith V8 12.2: This issue concerns the flaky behavior of thetest-worker-arraybuffer-zerofilltest when running with V8 version 12.2, where the test intermittently fails due to a timeout after approximately 300 seconds. The problem may stem from either a genuine bug or broken timing assumptions causing lost messages, and the current approach is to mark the test as flaky while adding additional logging to aid in debugging. - Support loading dynamic addon modules (
.nodefiles) when embedding the Node.js shared library without needing to link withnode.def: This issue addresses the challenge of loading dynamic Node.js addon modules (.nodefiles) on Windows when Node.js is embedded as a shared library, specifically without the need to link the embedding executable with thenode.deffile to reexport necessary symbols. The proposed feature suggests enhancing the delay load hook mechanism to optionally use an environment variable to locate the Node.js shared library module handle, thereby enabling addon modules to load correctly without relying on the executable's symbol exports, though potential security concerns remain to be evaluated. - Please make Node.js embeddable (e.g. libnode): This issue requests the creation of an embeddable version of Node.js, such as a
libnodelibrary, to allow projects to integrate the Node.js runtime and standard library within other host environments, like Rust-based applications. The current lack of an easily embeddable Node.js runtime forces developers to rely on incomplete alternatives, and this feature would enable better reuse of existing tooling and dependencies without requiring significant rewrites. - unable to sign with external OpenSSL engine after usage of crypto.hash: This issue describes a problem where signing data with an external OpenSSL engine (specifically the gost-engine) fails after using the crypto.createHash function in Node.js version 21.7.1 on a Linux Debian system. The error occurs consistently and produces an "unsupported" digital envelope routines error, which did not happen in earlier Node.js versions (21.6.2 and before), suggesting a regression likely related to recent changes in the Node.js crypto subsystem.
2.3 Open Issues
This section lists, groups, and then summarizes issues that were created within the last week in the repository.
Issues Opened This Week: 10
Summarized Issues:
- Documentation Improvements: Several issues focus on enhancing documentation clarity and completeness. These include adding background color to the documentation menu for better visibility in dark/light modes, expanding zlib module docs to cover Zstandard compression parameters, and documenting missing public properties of
TextContextfor improved logging capabilities. - issues/59282, issues/59290, issues/59321
- Data Conversion and Parsing Enhancements: Proposals to improve data handling include adding native support for converting Uint8Array to base64 and hex strings, and replacing the V8-based JSON parser with simdjson to simplify parsing and remove dependencies on V8 initialization.
- issues/59285, issues/59288
- HTTP and Stream Error Handling Issues: There are problems with error signaling in HTTP requests and stream handling. Node.js does not emit errors for invalid HTTP methods like "LIST," and the
finishedfunction in the stream module fails to detect errors in HTTP pipelines on the same socket, causing ambiguity about message completion. - issues/59303, issues/59325
- Test Failures Due to Platform Object Attributes: Updates to web platform tests cause failures because legacy objects like localStorage and sessionStorage incorrectly have configurable property descriptors, leading to unexpected test failures related to the [[Configurable]] attribute.
- issues/59310
- Installation Failures on Windows Due to Disk Space: The Node.js 24.5.0 setup on Windows 10 fails to install the visualstudio2019-workload-vctools package because of insufficient disk space, requiring at least 6.32 GB free. This causes the installation script to exit with errors despite some non-critical errors that do not block progress.
- issues/59326
- Validator Function Enhancements: A proposal suggests improving internal validation functions by allowing customizable expected type parameters to increase flexibility and reduce code duplication when validating complex or union types.
- issues/59331
2.4 Closed Issues
This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.
Issues Closed This Week: 14
Summarized Issues:
- Documentation and Verification Instructions: This issue highlights the absence of documented instructions in the Node.js README for importing PGP keys used to sign previous releases, which is necessary for users to verify past release signatures properly. It provides categorized guidance and commands to retrieve these keys from various keyservers or direct imports to ensure proper verification.
- issues/58979
- Test Failures and Race Conditions: The parallel/test-config-file test intermittently fails because the inspector cannot start on the default debugging port 9229, likely due to a race condition with another test opening the inspector. This causes instability in test runs and requires addressing port conflicts during parallel testing.
- issues/59152
- File Handling and Error Messaging: The fs.FileHandler emits a misleading "file closed" error after a file handle has been transferred between worker threads, when it should indicate the file has been transferred. This causes confusion in error reporting related to file handle state across threads.
- issues/59155
- CPU Reporting in Container Environments: The os.availableParallelism() function does not correctly reflect Docker's --cpus setting when it is less than 1, instead reporting the host's total CPU count rather than the container's limited CPU quota. This leads to inaccurate CPU availability reporting inside containers.
- issues/59200
- Performance Issues on Windows with Cluster Mode: Using Node.js cluster mode for high-concurrency file uploads on Windows results in unexpectedly higher latency due to less efficient disk I/O and IPC overhead. Worker pool threads provide better performance for I/O-bound tasks on this platform compared to cluster mode.
- issues/59222
- Placeholder and Undocumented Issues: Some issues such as "Teste" and "DMEA-BOT" are placeholders or contain no additional description or comments, indicating incomplete or test entries in the repository.
- issues/59250, issues/59305
- Security and Package Updates: There is a query about updating the brace-expansion package from version 2.0.1 to 2.0.2 to address a low severity vulnerability (CVE-2025-5889). Clarifications confirm the fix is included in npm versions bundled with Node.js 24.3.0 and later, with manual update workarounds for earlier versions.
- issues/59253
- API Changes and Compatibility Breaks: The util.isDate function, previously a convenience alias for util.types.isDate, is no longer available in Node.js v23.11.1, causing TypeErrors in code or dependencies that call it. This removal breaks backward compatibility for some users.
- issues/59263
- Null Pointer Dereference Risk: The ReadDir function in /src/node_file.cc lacks a nullptr check for the result of GetReqWrap, which can lead to a null pointer dereference and potential crashes. This indicates a missing safety check in native code.
- issues/59266
- REPL Crashes on Variable Declarations: Node.js v24.4.1 REPL crashes 100% of the time when typing the first character of a
letorvardeclaration due to a TypeError related to reading properties of null during expression completion. Declaring variables withconstworks correctly, indicating a specific issue withletandvarhandling in the REPL. - issues/59268, issues/59274
- Documentation UI Improvements: The documentation menu has a transparent background causing visibility issues, and adding a background color that adapts to the system's dark or light mode is proposed to improve readability.
- issues/59281
- Bot System Discussions: There are issues related to the introduction or discussion of a new bot system in the Node.js project, indicating ongoing work or proposals around automation or bot integration.
- issues/59328
2.5 Issue Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.
III. Pull Requests
3.1 Open Pull Requests
This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Opened This Week: 34
Key Open Pull Requests
1. crypto: support ML-DSA KeyObject, sign, and verify: This pull request adds support in the Node.js crypto module for ML-DSA asymmetric KeyObject types introduced in OpenSSL 3.5, enabling key import/export in multiple formats, key generation, signing, and verification functionalities as part of advancing post-quantum cryptography standards.
- URL: pull/59259
- Merged: No
- Associated Commits: 69fc4, ce580, d8d10, 24670, aaa2d, bba6d, a3a2f, 46786, e1598, 7e614, 657b4, fd954, 7b102
2. docs: improve llms.txt module descriptions: This pull request enhances the llms.txt module descriptions by adding llm_description YAML nodes to the new API docs tooling, enabling more meaningful and structured descriptions of module entries beyond the previous fallback to the first paragraph of module documentation.
- URL: pull/59264
- Merged: No
3. doc: update deprecation guide for util.is**(): This pull request updates the deprecation guide for the util.is**() methods by recommending modern alternatives, incorporating feedback from @ljharb, and includes several fixes and improvements related to handling null and undefined values as well as lint corrections.
- URL: pull/59269
- Merged: No
Other Open Pull Requests
- QUIC support re-enablement: This pull request initiates re-enabling QUIC support by updating dependencies and adding conditional compile-time checks to enable QUIC only when OpenSSL version 3.5.1 or higher is present. It maintains backward compatibility and prepares for an incremental transition to a new compile guard system.
- Windows reserved device names handling: This pull request improves handling of Windows reserved device names in UNC paths during path normalization and joining to prevent these names from being incorrectly skipped or removed.
- Buffer module encoding performance: This pull request introduces an LRU cache for the
getEncodingOps()function in the buffer module, achieving up to 85% faster repeated encoding operations. It maintains backward compatibility with minimal memory overhead.
- http.Agent keep-alive timeout adjustment: This pull request adds a new configurable option
agentKeepAliveTimeoutBufferto adjust the effective timeout for Keep-Alive connections by subtracting a buffer from the server's timeout. It includes fallback handling for invalid values, documentation updates, and tests.
- Test module documentation update: This pull request updates documentation by adding the previously missing
passedanderrorproperties to theTextContextinterface in the test module, referencing related issues and prior implementations.
- WASI setupInstance backport: This pull request backports the exposure of the
setupInstancemethod on the WASI class to the v22.x branch, enhancing WASI module functionality by making this method accessible.
- Safer array iteration and linting: These pull requests replace
for...ofloops with index-based loops to align with safer array iteration practices and improve performance by up to 5.7%. They also add a new linting rule to prevent unsafe array iteration.
- C++20 contains() method refactor: This pull request refactors multiple instances of
v.find(...) == v.end()andv.find(...) != v.end()to use the more expressive and readable C++20contains()method.
- process.nextTick() optimization: This pull request optimizes
process.nextTick()by implementing object pooling, argument array pooling, buffer reuse, and batch processing to reduce memory allocations and garbage collection pressure. It results in 15–53% throughput improvements while maintaining full backward compatibility and passing all tests.
- zlib.constants documentation: This pull request adds documentation for the previously undocumented
ZSTD_c_strategyparameter and its possible values in the zlib.constants API, including an example, addressing issue #59290.
- JUnit reporter isSkipped fix: This pull request fixes the
isSkippedfunction in the JUnit reporter by correcting its check and preventing a potentialTypeErrorwhen a test event lacks adetailsobject, avoiding reporter crashes.
- Typographical error corrections: This pull request corrects minor typos in comments and variable names, fixing misspellings such as "transferd" to "transferred" and "depandant" to "dependant," though one typo fix was later reverted.
- Locale-independent test modification: This pull request modifies the
test-debug-process.jstest to be locale-independent by changing error assertions from localized messages to language-neutral error number properties, ensuring consistent test passing on non-English Windows systems.
- Worker thread global property protection: This pull request adds getter and setter methods to protect the global object's
_evalproperty in theworker_thread.jsmodule.
- Memory API optimization: This pull request optimizes memory API usage by ensuring reported constrained memory is the minimum between
constrained_memoryanduv_get_total_memory, always including constrained memory even if zero.
- Test runner fake timers compatibility: This pull request updates the test runner to be compatible with fake timers by addressing issues caused when
setTimeoutis monkey-patched and may lack the expected symbol, preparing for its planned removal.
- FastOneByteString warning: This pull request introduces a minor warning regarding the use and potential invalidation of FastOneByteString in the source code.
- System CA environment variable: This pull request introduces the environment variable
NODE_USE_SYSTEM_CA=1to complement the existing--use-system-caflag, enabling this setting to be applied individually to worker threads in the Node.js CLI.
- Glossary documentation updates: These pull requests propose updates to the
glossary.mdfile involving documentation refactoring, content enrichment, and adding the term "CC" to enhance clarity and understanding.
- LoongArch64 CPU profiling fix: This pull request cherry-picks a V8 commit fixing occasional CPU profiling test errors on LoongArch64 by modifying the code generator to avoid memory accesses below the stack pointer, complying with the LoongArch ABI specification.
- Crypto module webcrypto refactor: This pull request refactors the crypto module's webcrypto key import and export code to prepare for integration of modern algorithms proposed in the upcoming WICG webcrypto extension, without changing observable behavior or results.
- Removal of unused DSAKeyExportJob: This pull request proposes removing the unused
DSAKeyExportJobfrom the source code, a leftover component related to Node-only Web Cryptography algorithms.
- Test runner watch mode timestamp: This pull request introduces a feature in the test runner to print a timestamp as the first line in watch mode, enhancing clarity for test restarts and log readability by creating a new 'timestamp' event and updating tests accordingly.
3.2 Closed Pull Requests
This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.
Pull Requests Closed This Week: 49
Key Closed Pull Requests
1. Test runner/add restart timestamp: This pull request aims to enhance the test runner by always printing a timestamp as the first line in watch mode, improving clarity during test restarts and making logs easier to read, achieved by creating a new 'timestamp' event and updating tests accordingly.
- URL: pull/59302
- Merged: No
2. src: add percentage support to --max-old-space-size: This pull request adds support for specifying the --max-old-space-size option as a percentage of system memory, including parsing, validation within a 0-100% range, error handling for invalid inputs, calculation of heap size based on available memory, updated test coverage, and documentation enhancements with examples for both percentage and megabyte formats.
- URL: pull/59082
- Merged: 2025-07-28T05:06:17Z
3. doc: add note on process memoryUsage: This pull request proposes adding documentation notes regarding a known RSS memory leak issue related to the process.memoryUsage method in Node.js, although it was ultimately not merged.
- URL: pull/59026
- Merged: No
Other Closed Pull Requests
- Build and Dependency Updates: These pull requests update the build configuration to require a minimum Clang version 19 as mandated by V8 and include related dependency updates and fixes to suppress specific Clang warnings. They also propose updating the macOS runner and Xcode to require Xcode 16.4 and macOS 15 in preparation for Node.js 25, ensuring compatibility with new development environment requirements.
- Fast API Changes and Backports: A manual backport to the v22.x branch incorporates several fast API changes, including fixing and removing problematic fast paths in InternalModuleStat and simplifying the addition of fast APIs to the ExternalReferenceRegistry. This ensures future pull requests touching the fast API can be backported cleanly.
- Documentation Improvements: Updates replace the previously recommended third-party server with the nodejs/release-keys repository as the preferred source for verifying Node.js releases while retaining instructions for key.openPGP.org. Additionally, formatting inconsistencies in documentation generated by the web generator are addressed to ensure a more consistent and polished output.
- Benchmark Tool Enhancements: New
setupandteardownoptions are introduced to the Benchmark tool to run code before any forks are created and after all forks complete, respectively. Acalibrate-n.jsscript is also added to determine the optimal number of iterations for benchmarks, minimizing variance and reducing overall benchmark suite runtime.
- Memory Leak Fix in Module Linking: This pull request addresses a memory leak by modifying the module linking process to clear all global references for linked modules using a stack-based
ModuleInstantiationContext. This ensures proper release of references oncev8::Module::InstantiateModulecompletes, improving behavior especially forvm.SourceTextModule.
- Test and Logging Improvements: An event emitter is added to log a timestamp as the first line whenever tests are restarted in watch mode, enhancing log clarity. Other test improvements include updating test-http-outgoing-buffer.js to avoid using exposed internals and cleaning up the test_runner module by removing an unused callee conversion.
- Worker Module Enhancements: A new
worker.cpuUsagemethod is added to the worker module, similar to existing methods likeworker.getHeapStatisticsandworker.getHeapSnapshot, enhancing CPU usage monitoring within worker threads.
- Internal Binding and Typings Improvements: Typings for the
async_context_frame,icu, andseabindings are added, along with several missing exports on other bindings and a few missing primordials, improving internal binding types in the Node.js project.
- HTTP and HTTP/2 Module Updates: The
writeHeaderfunction is formally deprecated at runtime in the HTTP module after being deprecated in documentation for over seven years. The HTTP/2 implementation is updated to ensure theHttp2Stream#sentHeadersproperty is correctly set for raw header arrays as well as header objects, maintaining performance on the fast path.
- Error Message and Typo Fixes: Fixes include correcting the error message when a FileHandle is transferred in the filesystem module and fixing a typo in the README.md file by correcting "unmask" to "umask".
- Test Selection and Regex Updates: The test selection tool is updated to allow matching and running test subsystems that include numbers in their names by modifying the regex pattern, enabling tests like "http2" to be correctly recognized and executed.
- Miscellaneous Updates: This includes adding the nodejs/path module to the path files in the project and rewording the node-api requirement to prove implementability in another VM rather than mandating implementation in an alternative VM, relieving contributors from forced implementation while maintaining ABI stability.
- Revert of Network Resource Support: A pull request reverts a previous commit related to initial support for Network.loadNetworkResource to investigate and address issues with a flaky parallel test.
- Unmerged Patch Proposal: A proposed update to the trap-handler.h.patch file was submitted but not merged.
3.3 Pull Request Discussion Insights
This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.
Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.
IV. Contributors
4.1 Contributors
Active Contributors:
We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.
If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.
| Contributor | Commits | Pull Requests | Issues | Comments |
|---|---|---|---|---|
| jasnell | 20 | 4 | 1 | 74 |
| aduh95 | 14 | 6 | 0 | 32 |
| joyeecheung | 20 | 5 | 7 | 19 |
| panva | 20 | 7 | 1 | 11 |
| RafaelGSS | 21 | 9 | 0 | 6 |
| himself65 | 13 | 5 | 1 | 16 |
| Renegade334 | 10 | 5 | 0 | 18 |
| theanarkh | 9 | 6 | 1 | 12 |
| haramj | 20 | 2 | 0 | 2 |
| mertcanaltin | 14 | 2 | 0 | 8 |